CVE-2024-3181

CVSS V2: None
CVSS V3: None
Description
Concrete CMS version 9 prior to 9.2.8 and previous versions prior to 8.5.16 are vulnerable to Stored XSS in the Search Field. Prior to the fix, the stored XSS could execute when an administrator changed a filter to which a rogue administrator had previously added malicious code. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L (https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator). Thanks to Alexey Solovyev for reporting.
Overview
  • CVE ID: CVE-2024-3181
  • Assigner: ConcreteCMS
  • Vulnerability Status: PUBLISHED
  • Published Version: 2024-04-03T19:09:44.345Z
  • Last Modified Date: 2024-06-04T17:31:29.530Z
History
Created Old Value New Value Data Type Notes
2024-06-23 23:14:27 Added to TrackCVE